Fujitsu reports malware detected and data breach

Fujitsu is reporting a security incident after the discovery of malware on several of its business computers on March 15, 2024.

Fujitsu's internal investigation confirmed the presence of malicious software on multiple systems, which enabled unauthorized access to sensitive files containing personal and customer data. The affected computers were isolated and Fujitsu is implementing further controls and monitoring for other unauthorized access.

This malware enabled unauthorized individuals to extract files containing sensitive personal and customer information. Unfortunately no detals are disclosed about the breached data or number of affected individuals.

The company reported the incident to the Personal Information Protection Commission due to the potential risk to personal information, although there have been no reports of misuse of the leaked information.

Fujitsu is communicating with individuals and customers potentially impacted by the breach, offering them personalized reports detailing the situation.

Update - as of 10th of July 2024, Fujitsu reported that the investigation concluded the malware had been installed on one of Fujitsu’s business computers and subsequently spread to other work computers within the company’s internal network in Japan. Unlike ransomware, this malware employed advanced techniques to disguise itself, making it extremely difficult to detect. Despite sophisticated evasion tactics, the investigation confirmed that the number of infected computers and those affected by the copying commands did not exceed the initially detected 49 computers.

The malware executed commands to copy certain files, which contained:

• Personal information of some individuals.
• Business-related information of customers.

Fujitsu has proactively notified affected customers and has reported no misuse of the compromised information to date.